(54) Title: MOBILE TERMINAL IDENTITY PROTECTION THROUGH HOME LOCATION REGISTER MODIFICATION

(57) Abstract: Secure access by a mobile wireless terminal (14) of a wireless telephony network (10) is achieved by having a
Home Location Register (30) store the terminal's temporary and permanent identities. Upon accessing the network following initial
registration, the terminal sends a temporary identity to a Serving GPRS Support Node (SGSN) (20₁ and 20₂). If no serving node
in the network knows the terminal, the terminal need not send its permanent identity in clear as was previously required. Rather, the
serving node need only query the HLR since the HLR can map the terminal's temporary identity to its permanent identity. In this
way, the permanent identity of the mobile wireless terminal remains secure.

MOBILE TERMINAL IDENTITY PROTECTION THROUGH HOME LOCATION REGISTER MODIFICATION

TECHNICAL FIELD

This invention relates to a technique for protecting the identity of a mobile wireless 
terminal when accessing a wireless telephony network. 

BACKGROUND ART

Presently, users seeking wireless telephony service typically subscribe to one of many
providers of such service. Today's wireless telephony service providers not only offer voice
calling but also offer General Packet Radio Service (GPRS) to enable the exchange of data packets
via a mobile wireless terminal. While GPRS exists in many areas, data transmission rates
typically do not exceed 56 Kbs and the cost to wireless network service providers to support this
service remains high, making GPRS expensive. To provide enhanced data communications,
efforts now exist to establish new standards for wireless telephony. One such effort is the
proposed "Universal Mobile Telecommunications System (UMTS)" standard specified by the
3rd Generation Partnership Project (3GPP) for advanced packet radio service in wireless
telephony networks. The UMTS standard proposes transmission rates as high as 2 Mbps,
making such service more attractive to subscribers.

In accordance with the UMTS standard, a subscriber's mobile wireless terminal will
transmit its permanent identity, typically referred to as an International Mobile Station Identity
or IMSI, to the network upon initial registration. To maintain user identity confidentiality and
untraceability, after initial registration, each subscriber receives from the wireless network a
temporary identity called Packet Temporary Mobile Subscriber Identity (P-TMSI) kept in a
Serving GPRS Support Node (SGSN) in the network. Upon each subsequent access of the
wireless network, the mobile wireless terminal will send its P-TMSI. The SGSN serving that
mobile wireless terminal maps the P-TMSI to the user's permanent identity (i.e., IMSI). In this
way, the user avoids transmitting its IMSI. To reduce the risk of breaching the user's
confidentiality, the network should not identify the user for a long period by means of the same
P-TMSI. Rather, the wireless telephony network should assign a new P-TMSI after some
extended interval.

Despite efforts to protect the user's confidentiality via the P-TMSI, circumstances exist
in present day wireless telephony networks that require the mobile wireless terminal to transmit
its permanent identity (IMSI) after registration. For example, upon a new attachment to the
wireless telephony network, the mobile wireless terminal could encounter an SGSN different
than the one that served the terminal prior to detachment. Upon such a new attachment, the
mobile wireless terminal will send its P-TMSI to the new SGSN. In turn, the new SGSN sends
an Identification Request message to the old SGSN. If both the old and new SGSNs lack
knowledge of the mobile wireless terminal, the new SGSN will send an Identity Request
message to the terminal. The mobile wireless terminal must respond with its permanent identity
(IMSI) in clear text, breaching the confidentiality of the user's identity.

Thus, there is need for a technique for protecting the user's identity during attachment to
a wireless telephony network.

BRIEF SUMMARY OF THE INVENTION



Briefly, in accordance with a preferred embodiment of the present principles, there is
provided a method for enabling a mobile wireless terminal to securely access a wireless
network, such as a wireless telephony network. The method commences upon receipt in the
network of an access request from a mobile wireless terminal that had previously registered
with the network. Thus, the access request made by the mobile wireless terminal will contain a
temporary identity assigned to the terminal during each attach procedure. Upon receipt of the
identity request, a query is launched to at least one serving node in the wireless network to
identify the terminal. If no serving node in the wireless network recognizes the mobile wireless
terminal, then a query is launched to a register (e.g., a Home Location Register), which stores
the identity of each registered mobile wireless terminal previously attached to the network. In
response, the register sends an identification response to the querying serving node to enable
authentication of the user.

Maintaining mobile wireless terminal temporary identity information in the Home
Location Register enables a serving node that does not recognize the terminal to query the
register. In this way, the mobile wireless terminal need not send its permanent identity when
unrecognised by the serving node.

BRIEF DESCRIPTION OF THE DRAWINGS

FIGURE 1 depicts a block schematic diagram of an illustrative embodiment of a
wireless telephony network for practicing the principles of the present invention;

FIGURE 2 depicts a chart illustrating the steps of a prior art procedure whereby a mobile
wireless terminal attaches itself to the network of FIG. 1; and

FIGURE 3 depicts a chart illustrating the steps of a procedure whereby a mobile
wireless terminal attaches itself to the network of FIG. 1 in accordance with the present
principles.



DETAILED DESCRIPTION 

FIGURE 1 depicts a block schematic diagram of a wireless telephony network 10 having
an architecture as proposed in the UMTS 3GPP standard. The wireless telephony network 10
includes at least one, and preferably, a plurality of radio access networks, illustratively shown as
radio access networks 12₁ and 12₂. In the UMTS radio access networks, each comprising a Node B
and a Radio Network Controller (RNC), the UMTS Node B serves as the point of access for a
mobile wireless terminal 14 seeking to connect with (attach itself to) the network 10. Radio
Network Controllers (RNCs) 16₁ and 16₂ each control a separate one of the radio access
networks 12₁ and 12₂, respectively, for the purpose of allocating the necessary resources in each
network.

Each of the RNCs 16₁ and 16₂ connects to a corresponding one of Serving GPRS
Support Nodes (SGSNs) 20₁ and 20₂, respectively, that comprise part of the core of the wireless
telephony network 10. Each SGSN manages packet and voice services for the subscribers on a
corresponding radio access network. Each SGSN has a link to a Gateway GPRS Node (GGSN)
22 that serves as an interface to the Internet 24 for packet service. In a similar fashion, the
SGSN 20₁ connects to a Mobile Switching Center (MSC) 26 that interfaces to the Public
Switched Telephone Network (PSTN) 28 for voice services. A similar MSC (not shown)
interfaces the SGSN 20₂ to the PSTN 28.

Within the wireless telephony network 10, there exists at least one register (database) 30,
typically known as the Home Location Register or HLR. The HLR 30 contains packet domain
subscription data and location information that identifies which SGSN serves a particular
subscriber. Each of the SGSNs 20₁ and 20₂ accesses the HLR 30 via a separate Gr interface,
whereas the GGSN 22 accesses the HLR via a Gc interface. In accordance with the present
principles, the HLR 30 stores the International Mobile Station Identity (IMSI) and a temporary
identity (P-TMSI) for each mobile wireless terminal 14 previously attached to the wireless
telephony network 10. Additionally, the HLR 30 stores the identity (i.e., the address) of each
SGSN, the address of the SGSN currently attached to the mobile wireless terminal 14, as well as
the address of the last visited SGSN if the terminal is currently detached. For a roaming mobile
wireless terminal 14 not resident in the wireless telephony network 10, the HLR associated with
that terminal will reside in a different wireless telephony network, accessible through the
Internet 24 or a private line (not shown).

In order to better understand the advantage obtained by the attachment technique of the
present principles, a description will first be provided of the current attachment technique
depicted in FIG. 2. Upon moving from the coverage area of one radio access network to
another, a mobile wireless terminal 14 makes an attachment request of the new SGSN serving
the newly accessed radio access network during step 100 of FIG. 2. For purposes of illustration,
assume that the mobile wireless terminal 14 seeks attachment through the radio access network
12₂ of FIG. 1. Thus, the mobile wireless terminal 14 initiates the attachment process by making
the attachment request to the SGSN 20₂, hereinafter referred to as the "new" SGSN. Should the
new SGSN 20₂ have no identity information for the mobile wireless terminal 14, the new SGSN
forwards the attachment request during step 102 of FIG. 2 to the "old" SGSN (e.g., SGSN 20₁
of FIG. 1). If the old SGSN 20₁ no longer retains any identity information for the mobile
wireless terminal 14, the new SGSN will receive an identity response during step 103 of FIG. 2
indicating that the old SGSN lacks knowledge of the mobile wireless terminal 14.

Upon receiving an indication from the old SGSN 20₁ that the mobile wireless terminal 14
remains unknown, the new SGSN 20₂ sends the mobile terminal an identity request during step
104 of FIG. 2. If unknown to both the SGSNs 20₁ and 20₂, the mobile wireless terminal 14
cannot simply send its P-TMSI to identify itself. Instead, the mobile wireless terminal 14 must
respond to the identity request by sending its permanent identity (i.e., its IMSI) in clear text
during step 105 of FIG. 2 to the new SGSN 20₂. Sending the IMSI in clear text incurs the risk
of interception and fraudulent misuse of the subscriber's identity.

After receiving the IMSI, the new SGSN 20₂ authenticates the mobile wireless terminal
14 by querying the HLR 30 of FIG. 1 during step 106 of FIG. 2. Upon receiving a positive
authentication response from the HLR 30, the new SGSN 20₂ provides a positive verification
response to the mobile wireless terminal 14 during step 107. Thereafter, the mobile wireless
terminal 14 sends an International Mobile Equipment Identity (IMEI) request to the new SGSN
20₂ during step 108 of FIG. 2 to initiate an update of the terminal's location, as well as to verify
the status of the terminal. Following receipt of the IMEI check request, the new SGSN 20₂
queries an Equipment Identity Register 32 of FIG. 2 during step 109 to verify whether the
mobile wireless terminal 14 is legitimate as opposed to having been stolen. Upon finding the
mobile wireless terminal 14 legitimate during step 109, the new SGSN 20₂ sends a message to
the HLR 30 during step 110 to update the location of the terminal.

In response to the terminal location update information, the HLR 30 sends a request to
the old SGSN 20₁ during step 111 to cancel the location information stored therein for the
mobile wireless terminal 14. The old SGSN 20₁ responds with a cancel location
acknowledgement during step 112. During step 113, the HLR 30 inserts into the new SGSN 20₂
subscriber data associated with the mobile wireless terminal 14 that has now attached itself to
this SGSN. The new SGSN 20₂ responds with an Insert Subscriber Data Acknowledgement
message during step 114. After step 114, the HLR 30 responds to the new SGSN 20₂ with an
Update Location Acknowledgement message during step 115 of FIG. 2.

In addition to updating the HLR 30, the new SGSN 20₂ also makes an update request to a
Visiting Location Register (VLR) (not shown) in the MSC 26 of FIG. 1 during step 116 since
the new SGSN 20₂ is served by a different MSC than the old SGSN 20₁. Upon receiving such a
request, the new MSC/VLR 26 makes a request during step 117 to update the HLR 30. In turn,
the HLR 30 sends a cancellation command during step 118 to the old MSC/VLR (designated as
MSC 26' of FIG. 2) to indicate attachment of the mobile wireless terminal to the new SGSN
20₂. The old MSC 26' of FIG. 2 responds with an Acknowledgement message during step 119.

Next, the HLR 30 inserts into the new MSC/VLR 26 updated subscriber data during step
120. The new MSC 26 responds with an Insert Subscriber Data Acknowledgement message
during step 122. The new MSC/VLR 26 of FIG. 2 then sends a Location Update Acceptance
message to the new SGSN 20₂ during step 123, triggering transmission of an Attach Acceptance
message from the new SGSN to the mobile wireless terminal 14 during step 124. The mobile
wireless terminal 14 responds with an 'Attach Complete' message during step 125, followed by
a TMSI Reallocation Complete Message from the new SGSN 20₂ to the new MSC/VLR 26
during step 126 to indicate completion of the task of reallocating the TMSI mapping from the
old to the new SGSN.

The prior art attachment process of FIG. 2 incurs the disadvantage of requiring the
mobile wireless terminal 14 to transmit its IMSI in clear text when the old SGSN 20₁ and the new
SGSN 20₂ both fail to recognize the terminal. The attachment technique of the present
principles, best illustrated in FIG. 3, overcomes this disadvantage by storing subscriber identity
information in the HLR 30. Storing such information in the HLR 30 enables identification of
the mobile wireless terminal 14 in the event neither the old nor new SGSN recognizes the
terminal. Referring to FIG. 3, the attachment technique of the present principles commences
when the mobile wireless terminal 14 sends an 'Attach Request' message to the new SGSN 20₂
during step 200 following a transition of the terminal to the radio access network 12₂ of FIG. 1.
Upon receipt of the 'Attach Request' message during step 200 of FIG. 3, the new SGSN 20₂
sends an Identity Request message to the old SGSN 20₁ during step 202 to identify the mobile
wireless terminal 14. Absent knowledge of the mobile wireless terminal 14 having been
attached, the old SGSN 20₁ will send the new SGSN 20₂ an Identity Response message during
step 202 indicating an error.

In the past, when the old SGSN 20₁ lacked knowledge of a previous attachment of the
mobile wireless terminal 14, the terminal needed to send its permanent identity in clear text to
identify itself. To avoid this disadvantage, the present attachment method does not make a
request of the mobile wireless terminal 14 under such circumstances. Rather, as depicted in
FIG. 3, the new SGSN 20₂ sends an Identity Request message to the HLR register 30 during
step 203 after receiving an error message during step 202. In accordance with the present
principles, the HLR 30 stores the temporary identity (i.e., the P-TMSI) and permanent identity
(IMSI) of each mobile wireless terminal 14 previously attached to the wireless telephony
network 10. Thus, upon receipt of the Identity Request message during step 203, the HLR 30
provides the new SGSN 20₂ an Identity Response message during step 204. This message
includes the IMSI of the mobile wireless terminal 14, and the associated authentication vectors
needed to verify the terminal. During step 205, authentication of the mobile wireless terminal
14 occurs. Typically, such authentication occurs in the same manner as during steps 106-123 of
FIG. 2.

Following authentication, the new SGSN 20₂ sends an Attach Acceptance message to
the mobile wireless terminal 14 during step 206 of FIG. 3. In response, the mobile wireless
terminal 14 sends an 'Attach Complete' acknowledgement message during step 207. During
step 208, the new SGSN 20₂ can reallocate the P-TMSI by sending a P-TMSI reallocation
command to the mobile wireless terminal 14. Upon completion of reallocation of the P-TMSI,
the mobile wireless terminal 14 sends a P-TMSI reallocation complete acknowledgement to the
new SGSN 20₂ during step 209.

The applicable GPRS and UMTS standards provide that the SGSN may reallocate the
P-TMSI at any time. Such reallocation can occur during a P-TMSI Reallocation procedure, or
as part of the 'Attach' or 'Routing Area Update' procedures. Updating the HLR 30 each time one
of the SGSNs reallocates the P-TMSI could consume significant resources. Instead, HLR
updating should be done upon receipt of a P-TMSI and P-TMSI signature from a SGSN only at
the time of detachment, i.e. only at the time the last P-TMSI and P-TMSI signature are stored in
the HLR 30. When a SGSN issues a new P-TMSI to a mobile wireless terminal 14 to replace
the old P-TMSI, the SGSN waits for an acknowledgement before removing the old P-TMSI and
using the new one.

In practice, the wireless telephony network 10 of FIG. 1 considers the old P-TMSI as
invalid upon receipt of the P-TMSI Reallocation Complete acknowledgment message. If, for
some reason, the SGSN receives no acknowledgement, and the mobile wireless terminal
becomes detached, the SGSN will store both old and new P-TMSI for that terminal. Two
proposed solutions address this problem:

Solution 1

The mobile wireless terminal 14 initiates detachment

To detach itself from the wireless telephony network 10 of FIG. 1, the mobile wireless
terminal 14 sends a Detach Request message (Detach Type, P-TMSI, P-TMSI Signature, Switch
Off) to its corresponding SGSN. In accordance with this proposed solution, the mobile wireless
terminal 14 will include its old P-TMSI in the Detach Request message. In this way, the SGSN
will know which P-TMSI to store in the HLR 30.

The wireless telephony network 10 initiates detachment

To initiate detachment, the SGSN sends a Detach Request message to the mobile
wireless terminal 14. In response, the mobile wireless terminal 14 sends a Detach Accept
message to the SGSN. However, with a network-initiated detachment, no P-TMSI exchange
occurs upon receipt of the request or acceptance messages to remove the P-TMSI ambiguity.
The UMTS 3GPP standard does not discuss P-TMSI reallocation and the possibility of a
network-initiated detachment collision. Typically, the wireless telephony network 10 can wait
until transmission of a P-TMSI Reallocation Completion acknowledgement message from the
mobile wireless terminal 14 to the SGSN. The mobile wireless terminal 14 will then send the
Detach Request message to the wireless telephony network 10 to avoid ambiguity when the
terminal powers up again. In such an instance, the SGSN stores the new P-TMSI in the HLR
30.

Solution 2 

Another proposed solution would require the SGSN to send both old and new P-TMSI to
the HLR 30. Thus, at the time of attachment, the HLR 30, when queried by a new SGSN, can
map whichever P-TMSI is sent by mobile wireless terminal 14 to the stored IMSI.
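
The identity-resolution step of the FIG. 2 and FIG. 3 attach flows, together with the Solution 2 register update, as an added Python sketch that is not part of the patent text. Nodes are reduced to P-TMSI-to-IMSI tables, authentication is omitted, all names and the IMSI and P-TMSI values are constructed for illustration, and returning None when the HLR cannot map the P-TMSI is an assumption, since the text does not say what follows in that case.

```python
from dataclasses import dataclass, field

IMSI = "001010123456789"   # constructed test identity, not from the patent


@dataclass
class Node:
    """An SGSN or the HLR, reduced to its P-TMSI -> IMSI table."""
    name: str
    table: dict = field(default_factory=dict)

    def identify(self, ptmsi):
        return self.table.get(ptmsi)   # None models an error Identity Response


@dataclass
class Terminal:
    imsi: str
    ptmsi: str
    air: list = field(default_factory=list)   # messages visible on the radio link

    def send(self, msg, value):
        self.air.append((msg, value))
        return value


def detach(sgsn, hlr, imsi, *ptmsis):
    """At detach the SGSN writes the temporary identity to the HLR and drops
    its own context. Passing two P-TMSIs models Solution 2 (old and new)."""
    for stale in [p for p, i in hlr.table.items() if i == imsi]:
        del hlr.table[stale]           # replace earlier entries for this subscriber
    for p in ptmsis:
        hlr.table[p] = imsi
        sgsn.table.pop(p, None)


def attach(term, new_sgsn, old_sgsn, hlr=None):
    """Resolve the terminal's identity at attach.
    hlr=None follows FIG. 2 (prior art); passing the HLR follows FIG. 3."""
    ptmsi = term.send("Attach Request", term.ptmsi)
    imsi = new_sgsn.identify(ptmsi) or old_sgsn.identify(ptmsi)
    if imsi is None and hlr is not None:
        # Steps 203-204: ask the register instead of the terminal.
        # Assumption: an unknown P-TMSI leaves the attach unresolved (None).
        imsi = hlr.identify(ptmsi)
    elif imsi is None:
        # Steps 104-105: the terminal answers with its IMSI in clear text.
        imsi = term.send("Identity Response", term.imsi)
    if imsi is not None:
        new_sgsn.table[ptmsi] = imsi
    return imsi


def imsi_on_air(term):
    """True if the permanent identity crossed the radio link."""
    return any(value == term.imsi for _, value in term.air)


def scenario(presented, stored, use_hlr):
    """Detach from the old SGSN with `stored` P-TMSIs written to the HLR, then
    attach at a new SGSN presenting `presented`. Returns (resolved IMSI, exposed?)."""
    old, new, hlr = Node("SGSN 20-1"), Node("SGSN 20-2"), Node("HLR 30")
    old.table = {p: IMSI for p in stored}
    detach(old, hlr, IMSI, *stored)
    term = Terminal(IMSI, presented)
    resolved = attach(term, new, old, hlr if use_hlr else None)
    return resolved, imsi_on_air(term)


if __name__ == "__main__":
    print("prior art:        ", scenario("c0000001", ["c0000001"], False))
    print("HLR fallback:     ", scenario("c0000001", ["c0000001"], True))
    print("unacked realloc:  ", scenario("c0000002", ["c0000001"], True))
    print("Solution 2 (both):", scenario("c0000002", ["c0000001", "c0000002"], True))
```

The third scenario is the ambiguity the two solutions address: the terminal presents a P-TMSI the register never received, so the lookup fails unless both values were stored.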

The foregoing describes a technique for protecting the identity of a mobile wireless
terminal during attachment to a wireless telephony network.

CLAIMS:



1. A method for protecting the identity of a mobile wireless terminal during
attachment to a wireless network, comprising the steps of:
receiving in the network a request for access from a mobile wireless terminal previously
registered with the network;
querying at least one serving node in the wireless network to recognize the mobile
wireless network in accordance with a temporary identity contained in the access request, but if
no serving node recognizes the mobile wireless terminal, then
launching a query from the one serving node to a register in the wireless network storing
identity information of previously registered mobile wireless terminals to identify the mobile
wireless from its temporary identity; and
sending an identification response from register to the at least one serving node to
identify the mobile wireless terminal.



2. The method according to claim 1 further comprising the step of updating the
register each time the temporary identity of the mobile wireless terminal is allocated (including
allocation the very first time and reallocation).

3. The method according to claim 1 further comprising the step of updating the register
at detachment of the mobile wireless terminal from the wireless telephony network.

4. The method according to claim 3 wherein the at least one serving node discards a
stored temporary identity for the terminal upon receipt of a detachment request and an
acknowledgement from the terminal.

5. The method according to claim 4 further comprising the step of storing in the at
least one serving node a temporary identity contained in the detachment request when the
mobile wireless terminal initiates detachment.

6. The method according to claim 3 further comprising the step of storing a new
temporary identity for the mobile wireless terminal following temporary identity reallocation
when the wireless telephony network initiates detachment of the mobile wireless terminal.

7. The method according to claim 1 further comprising the step of storing both new
and old temporary identities for the mobile wireless terminal in the register following a
temporary identity reallocation.

8. A wireless network for protecting the identity of a mobile wireless terminal
during attachment, comprising:
at least one serving node for receiving a request for access from a mobile wireless
terminal previously registered with the network and for identifying the terminal in accordance
with a temporary identity contained in the access request when the serving node has knowledge
of the terminal; and
a register in the wireless network storing identity information of previously registered
mobile wireless terminals to identify the mobile wireless from its temporary identity in response
to a query from the at least one serving node when the one node lacks knowledge of the
terminal.



9. The network according to claim 8 wherein the register is updated each time the
temporary identity of the mobile wireless terminal is allocated.

10. The network according to claim 8 wherein the register undergoes updating at
detachment of the mobile wireless terminal from the wireless telephony network.

11. The network according to claim 10 wherein the at least one serving node discards
a stored temporary identity for the terminal upon receipt of a detachment request and an
acknowledgement from the terminal.

12. The network according to claim 11 wherein the at least one serving node stores a
temporary identity contained in the detachment request when the mobile wireless terminal
initiates detachment.

13. The network according to claim 12 wherein the at least one serving node stores a
new temporary identity for the mobile wireless terminal following temporary identity
reallocation when the wireless telephony network initiates detachment of the mobile wireless
terminal.

14. The network according to claim 8 wherein the register stores both new and old
temporary identities for the mobile wireless terminal following a temporary identity
reallocation.



